
Vulnerability summary

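Bug ID: wooyun-2015-0117687

Title: SVN on an eLong site leaks source code

Vendor: eLong (艺龙旅行网)

Author: lijiejie

Submitted: 2015-06-02 12:20

Fixed: 2015-07-17 15:42

Disclosed: 2015-07-17 15:42

Type: Disclosure of important sensitive information

Severity: Medium

Self-assessed Rank: 6

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]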



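Vulnerability details

Disclosure status:

2015-06-02: Details sent to the vendor, awaiting vendor handling
2015-06-02: Vendor confirmed; details visible to the vendor only
2015-06-12: Details disclosed to core white hats and experts in related fields
2015-06-22: Details disclosed to regular white hats
2015-07-02: Details disclosed to intern white hats
2015-07-17: Details disclosed to the public

Brief description:

SVN on an eLong site leaks source code; database accounts can be obtained

Detailed description:

SVN leak:

http://ssl.elong.com/hotel2/.svn/entries


[Screenshot: elong.png]

Proof of vulnerability: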

<?php
if(!defined('IN_ELONGSDK')) {
exit('Access Denied');
}
$_SC = array();
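//Database parameter configuration
$_SC['dbhost'] = '211.151.230.166'; //server address
$_SC['dbuser'] = 'lohoo'; //user
$_SC['dbpw'] = 'lohoonopass123'; //password
//Database parameter configuration
$_SC['dbhost'] = '127.0.0.1'; //server address
$_SC['dbuser'] = 'root'; //user
$_SC['dbpw'] = 'root'; //password
$_SC['dbcharset'] = 'utf8'; //character set
$_SC['pconnect'] = 0; //whether to use persistent connections
$_SC['dbname'] = 'elongsdk'; //database
$_SC['charset'] = 'utf-8'; //page character set
//Program parameter configuration
$_SC['gzipcompress'] = 0; //enable gzip
$_SC['template'] = ''; //select template directory
$_SC['timeoffset'] = 8; //time zone offset
$_SC['gzipcompress'] = 0; //whether to enable gzip
$_SC['lang'] = "cn"; //language cn,en
$_SC['lang_num'] = "2"; //set to 2 when deploying both Chinese and English versions; with 2, the domain's /en/ directory is the English version; default is 1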

//Partner parameter configuration
$_SC['elongcard'] = '617265612'; //agent card number assigned by elong
$_SC['orderfrom'] = '5062'; //orderfrom value assigned by elong
$_SC['agencyid'] = 'AP0016114'; //agent ID assigned by elong
$_SC['api_user'] = 'AP0016114'; //api access username assigned by elong
$_SC['api_password'] = 'AP0016114'; //api access password assigned by elong
$_SC['endpoint'] ='http://114-svc.elong.com/NorthBoundService/V1.1/NorthBoundAPIService.asmx?WSDL';
$_SC['fanli'] ='http://jump.fanli.qq.com/redirect.php?mall_id=10043&force_login=1&login_type=1&show_page=0';
//test api server
//$_SC['endpoint'] ='http://192.168.9.24/newNorthBoundService/V1.1/NorthBoundAPIService.asmx?WSDL';
//test api server
//test
//$_SC['endpoint'] ='http://211.151.230.209/NewNorthBoundService/V1.1/NorthBoundAPIService.asmx?WSDL';
$_sc['timeout'] =30; //api timeout
//Website Chinese parameters
$_SC['web_url'] = "http://go.qq.com/"; //website domain
$_SC['local_url'] = "http://qq.elong.com";
$_SC['web_name'] = ""; //website name
$_SC['web_tel'] = "4006-997788"; //booking phone number
$_SC['web_beian'] = ""; //ICP filing number
$_SC['apiorder'] = 0; //0 links to elong to complete the booking, 1 completes the booking through the api
$_SC['book'] = '酒店预订';
//Navigation cities
//Landmark categories
$pointtypes = array(
'1'=>'景点',
'2'=>'主题',
'3'=>'交通',
'4'=>'医院',
'5'=>'商企行政',
'7'=>'生活服务',
'8'=>'购物',
'9'=>'餐馆',
'10'=>'学校',
);
$urlcode=urlencode("http://".$_SERVER ['HTTP_HOST'].$_SERVER['PHP_SELF']."?".$_SERVER['QUERY_STRING']);
?>

Fix:

Delete the .svn folder

Copyright notice: when reposting, please credit the source lijiejie@WooYun
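
The fix above, written as a check that can run before files are published to a web root. This is an added example, not part of the original report or the vendor's code; the function names, the `include` subdirectory and the sample tree are assumptions made for illustration. It lists the `.svn` metadata paths a static file server would expose and then removes the directories.

```python
import os
import shutil
import tempfile

# "entries" is the file requested in the report (older per-directory format);
# "wc.db" is the working-copy database used by Subversion 1.7 and later.
SVN_MARKERS = ("entries", "wc.db")

def find_svn_metadata(webroot):
    """Return (dirs, urls): .svn directories under webroot and the URL paths
    of marker files a static file server would hand out from them."""
    dirs, urls = [], []
    for dirpath, dirnames, _files in os.walk(webroot):
        if ".svn" in dirnames:
            svn_dir = os.path.join(dirpath, ".svn")
            dirs.append(svn_dir)
            for marker in SVN_MARKERS:
                path = os.path.join(svn_dir, marker)
                if os.path.isfile(path):
                    rel = os.path.relpath(path, webroot)
                    urls.append("/" + rel.replace(os.sep, "/"))
            dirnames.remove(".svn")  # metadata found; do not walk inside it
    return sorted(dirs), sorted(urls)

def strip_svn_metadata(webroot):
    """Apply the report's fix: delete every .svn directory. Returns the count."""
    dirs, _urls = find_svn_metadata(webroot)
    for d in dirs:
        shutil.rmtree(d)
    return len(dirs)

def build_sample_tree(root):
    """Constructed sample tree: application files plus per-directory .svn data."""
    for sub in ("hotel2", os.path.join("hotel2", "include")):
        os.makedirs(os.path.join(root, sub, ".svn"))
        with open(os.path.join(root, sub, ".svn", "entries"), "w") as fh:
            fh.write("10\n")  # placeholder content, not real metadata
    with open(os.path.join(root, "hotel2", "include", "config.php"), "w") as fh:
        fh.write("<?php /* placeholder */ ?>\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        print(find_svn_metadata(root)[1])  # paths that must not reach production
        print(strip_svn_metadata(root), "directories removed")
        print(find_svn_metadata(root)[1])
```

Failing the deployment when `find_svn_metadata` returns any path catches the problem before publication; credentials that were already exposed, such as the database password in the leaked configuration, still need to be rotated.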


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 8

Confirmed at: 2015-06-02 15:40

Vendor reply:

Confirmed, thank you

Latest status:

None